Can't seem to get rid of Virus

I've followed the 8 steps and though it cleared a lot of spyware, I still seem to have a virus. I have done some googling and I am worried it could be a Virut infection, which apparently can only be removed by a complete formatting.

oashdihasidhasuidhiasdhiashdiuasdhasd - I have this file in my users folder and there was a v.exe there as well, which I deleted.

I have used Malwarebytes, S + B, Adaware, SUPERAntiSpyware, Stopzilla (which, though it has terrible reviews, seems to find an awful lot more than the others), and still the problem remains.

I believe the infection came from p2p software but I have scanned the file I was downloading and nothing seems to come up. I have of course uninstalled it all.

With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

Run Combo-Fix.exe and follow the prompts.
(Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)

Wait for the scan to be completed.

If it requires a reboot, please do it.

• After the scan has completed entirely, please attach the report in your next reply. The log will be located at C:\ComboFix(.txt)

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

I followed the instructions but when ComboFix finished nothing would open, as every time I clicked on something it would come up with a window saying - cannot open program as registry key is set for deletion.

After restarting computer, it was fine to open programs again. But hijack log when doing its scan came up with an error box.

Peter, it doesn't look like you ever have Avast quarantine what it finds. Looks like you just keep adding Worm after Worm!

I see 7 months of infections in the Avast log with no indication of Quarantine. You need to open Avast, check the settings, run it again. If the files aren't being quarantined, then you're just adding malware.

After the malware is quarantined, go into the program and delete the quarantined files.

There is also an entry that shows a pirated program: TubeHunter.Ultra.v3.0.2755.0.Cracked

You will need to remove that if you want continued support.

You mentioned an error when trying to run Combofix, then included the report. How did you manage that?

And what was the error that came up with HijackThis? These things are important for me to know. They can give information about a system problem or the malware itself.

It will close all programs itself when run, make sure to let it run uninterrupted.

Click the Start button to begin the process. The program should not take long to finish its job.

Once it's finished it should reboot your machine. If not, do this yourself to ensure a complete clean.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

Looks like you downloaded and used a program named Trojan Remover from SimpleSoft on the same day you ran the scans. How about disabling it so we can see the Trojans, if any?

Spybot Search & Destroy is outdated. Suggest you either update it or remove it.

So do the following:
1. Remove the pirated program.
2. Run the AV and delete the files in the quarantine.
3. Run the Temporary File Cleaner

I have uninstalled the program and I ran Avast. It came up with one issue.

I really don't know how I haven't been using the AV properly. Whenever it comes up with something one can either "continue" or "cancel". I just assumed it deleted it when I pressed continue. I went to the chest and found 4 or so files that were infected and I deleted them.

I can't remember what hijack said when it showed an error but it hasn't happened since. Combofix ran fine, it was afterwards that I found the problem.

12/22/2008 1:19:02 AM SYSTEM 1640 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
This looks like the program couldn't update.

Then it shows this:
2/22/2009 11:19:14 AM Will 4040 Sign of "Win32:Keygen-BE [Tool]" has been found in "c:\users\will\appdata\local\temp\rar$ex00.179\avast.pro.v4.8.1169.new.keymaker.only-core\keygen.exe\[PECompact]" file.

From Microsoft:

HackTool:Win32/Keygen is the detection for a tool that generates keys for illegally-obtained versions of Adobe Photoshop CS3. When run, it shows the following image:

To add insult to injury, it appears you have even pirated the antivirus program!
2/22/2009 11:19:14 AM Will 4040 Sign of "Win32:Keygen-BE [Tool]" has been found in "c:\users\will\appdata\local\temp\rar$ex00.179\avast.pro.v4.8.1169.new.keymaker.only-core\keygen.exe\[PECompact]" file.

I am ending my support on this. I suggest you wipe all the illegal software off the computer and start new, with legitimate programs that you pay for.

Sometimes 'friends' may mean well, but in this case, they did you a disservice. The Avast antivirus program is free, but 'suites' that usually combine an AV, firewall and anti-spyware cost $. You need to get rid of it all and start over, with a clean system. And you might want to keep that 'friend' away!

Here are some tips for you to help you stay safe and put reliable "free" programs on the clean system:
Please follow these simple steps to keep your computer clean and secure:

1. Disable and Enable System Restore: This will help you to drop the old restore points and set a new, clean one: System Restore Guide

2. Stay current on updates:

Visit the Microsoft Download Site frequently.
You should get all updates marked Critical and the current SP updates: Windows 2000 > SP4, Windows XP > SP2, SP3, Vista > SP1

Visit this site (Adobe Reader) often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.

Check this site often: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

3. Make Internet Explorer safer. Follow the suggestions HERE
This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.

This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.

MVPS Hosts files: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.

Google Toolbar: Get the free Google toolbar to help stop pop up windows.

These won't help you now on the 'dirty' system, but set them up after you cleanup.

If I can be of further assistance, please let me know. Help and support is only given in the forums but you can send a PM to me and bring my attention back to the thread.
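Added example (not part of the thread and not Avast's own tooling): a small parser for the log line layout quoted above that pulls out each detection and lists files flagged on more than one day, which is the "detected again and again, never quarantined" pattern the helper describes. The line layout is inferred from the two lines quoted in the thread; the two `sample.exe` lines and the `Win32:Example [Wrm]` name are constructed, and treating a repeat detection as "never removed" is a heuristic assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout inferred from the log lines quoted in the thread:
#   <date> <time> <AM|PM> <user> <pid> <message>
LINE = re.compile(
    r'^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (\S+) (\d+) (.*)$')
DETECTION = re.compile(r'^Sign of "([^"]+)" has been found in "([^"]+)" file\.$')

def parse_detections(lines):
    """Return one dict per detection line; other messages are skipped."""
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        d = DETECTION.match(m.group(4)) if m else None
        if not d:
            continue  # e.g. the failed-update message, or an unparsable line
        hits.append({
            "when": datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p"),
            "user": m.group(2),
            "pid": int(m.group(3)),
            "signature": d.group(1),
            "path": d.group(2).lower(),  # Windows paths are case-insensitive
        })
    return hits

def repeated_detections(hits):
    """Map path -> sorted dates, for files flagged on more than one day.

    Heuristic (assumption): a file detected again on a later day was still
    on disk, so it was not quarantined or deleted the first time.
    """
    days = defaultdict(set)
    for h in hits:
        days[h["path"]].add(h["when"].date())
    return {p: sorted(d) for p, d in days.items() if len(d) > 1}

SAMPLE = [
    # First two lines are the ones quoted in the thread.
    r'12/22/2008 1:19:02 AM SYSTEM 1640 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.',
    r'2/22/2009 11:19:14 AM Will 4040 Sign of "Win32:Keygen-BE [Tool]" has been found in "c:\users\will\appdata\local\temp\rar$ex00.179\avast.pro.v4.8.1169.new.keymaker.only-core\keygen.exe\[PECompact]" file.',
    # Constructed lines: same file flagged on two different days.
    r'1/5/2009 9:02:11 PM Will 3120 Sign of "Win32:Example [Wrm]" has been found in "C:\Users\Will\Downloads\sample.exe" file.',
    r'2/10/2009 8:40:37 AM Will 2788 Sign of "Win32:Example [Wrm]" has been found in "c:\users\will\downloads\sample.exe" file.',
]

if __name__ == "__main__":
    for path, dates in repeated_detections(parse_detections(SAMPLE)).items():
        print(path, [d.isoformat() for d in dates])
```
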